Pattern: Use of public AWS load balancer
Issue: -
There are many scenarios in which you would want to expose a load balancer to the wider internet, but this check exists as a warning to prevent accidental exposure of internal assets. Confirm that this resource is actually meant to be exposed publicly.
Resolution: Switch to an internal load balancer or add a tfsec ignore.
The following example will fail the aws-elb-alb-not-public check.
resource "aws_alb" "bad_example" {
  internal = false # internet-facing: this is what the check flags
}
The following example will pass the aws-elb-alb-not-public check.
resource "aws_alb" "good_example" {
  internal = true # not internet-facing
}
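
Both resolution options side by side, as an added example that is not part of the original check documentation: a load balancer that is public on purpose carries a tfsec ignore comment on the line directly above its resource block, while backend traffic uses an internal one. The resource names, `name` values and subnet variables are assumptions made for illustration.

```hcl
# Assumed inputs: subnet IDs supplied by the surrounding configuration.
variable "public_subnet_ids" {
  type = list(string)
}

variable "private_subnet_ids" {
  type = list(string)
}

# Option 1: the exposure is intentional. The ignore comment suppresses
# aws-elb-alb-not-public for this one resource and leaves a reviewable
# record in the code that the exposure was a deliberate decision.
#tfsec:ignore:aws-elb-alb-not-public
resource "aws_alb" "public_web" {
  name     = "public-web"
  internal = false
  subnets  = var.public_subnet_ids
}

# Option 2: the asset is internal. No ignore is needed because the
# load balancer is not internet-facing and the check passes.
resource "aws_alb" "internal_api" {
  name     = "internal-api"
  internal = true
  subnets  = var.private_subnet_ids
}
```

Scoping the ignore to the single check ID keeps every other tfsec check active for `public_web`.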